Share this article on:
Manchester, NH-based medical device company NuLife Med LLC recently announced that it was the victim of a cyberattack in March 2022. Suspicious network activity was detected on or around March 11, 2022, and steps were immediately taken to prevent further unauthorized attacks. network access. An investigation has been opened to determine the nature and extent of the attack and to enable the restoration of its network and systems. The investigation confirmed that unauthorized individuals accessed its network between March 9 and March 11, 2022 and potentially accessed and exfiltrated files from its systems.
It was not possible to determine which files had been accessed or deleted from its systems, nor the exact number of files that had been accessed or exfiltrated. Notification letters have therefore been sent to all those potentially affected. Examination of the records revealed that they primarily contained protected health information such as names, addresses, medical information and/or health insurance information. A limited number of people also had their social security number, driver’s license information, and/or financial account or credit card information exposed.
NuLife Med said it is currently reviewing records to try to determine which individuals had information other than impacted medical and/or health insurance information, and additional notifications will be sent to those individuals as the investigation into the violation will be terminated. NuLife said no reports have been received to date that patient information has been misused.
The data breach was reported to the HHS Civil Rights Office as affecting 81,244 people.
Ransomware attack affects 28,000 patients at FPS Medical Center
FPS Medical Center in Lake Havasu City, AV, recently announced that it suffered an incident of malware that encrypted files on its network. The security breach was detected on March 3, 2022, with subsequent investigation determining that its systems were first breached on February 28, 2022. Unauthorized access was blocked on March 3, 2022.
A forensic investigation was conducted to determine if patient information had been accessed or exfiltrated, but it could not be determined whether any files had been viewed or downloaded, although the possibility of access not authorized and data theft cannot be ruled out.
A review was conducted of all records on the parts of the network that were affected, which ended on April 25, 2022. The records contained full names, addresses, dates of birth, license information driving, medical information such as treatment and diagnosis information, health insurance information and limited social security numbers.
Notification letters have now been sent to the 28,024 patients whose protected health information was potentially compromised. FPS Medical Center said it is reviewing its policies and procedures and will implement additional administrative and technical safeguards to further secure the information in its systems.
Schneck Medical Center announces cyberattack and data theft incident
Schneck Medical Center in Seymour, IN, began notifying some patients that some of their protected health information was contained in files exfiltrated from its systems.
The medical center did not say in its notification whether the security incident had been detected, but said a thorough forensic investigation and manual review of documents had been conducted, which determined on March 17, 2022 that files had been exfiltrated from its systems on or around September 29, 2021. .
The files contained names as well as one or more of the following types of data: address, date of birth, medical record number, other internal identification numbers, driver’s license numbers/state identification numbers, information on diagnoses and medical conditions and health insurance/claims information. The files also contained limited social security numbers, financial account information and payment card information.
Schneck Medical Center said no evidence was found to indicate actual or attempted misuse of patient data; however, as a precaution, those potentially at risk were offered free credit monitoring services. Notification letters were sent to affected individuals on May 13, 2022.
A review has been completed of its security systems, policies and procedures, and additional security measures are being implemented to prevent similar incidents in the future.